[Openswan Users] NAT-T with Road warrior scenario

ragothaman prasath rkprasath at yahoo.com
Tue Apr 1 07:35:43 EDT 2008


Hi,

I have implemented the NAT-Traversal in Route Finder
box.
It was working fine with vpn gateways behind NAT.

But with the Road Warrior scenario (IPsec VPN client),
it was failing. 

The logs are as below:

Jan  1 02:02:40 pluto[7258]: "test" #1: max number of
retransmissions (2) reached STATE_MAIN_I3.  Possible
authentication failure: no acceptable response to our
first encrypted message
Jan  1 02:01:30 pluto[7258]: "test" #1: transition
from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jan  1 02:01:30 pluto[7258]: "test" #1: NAT-Traversal:
Result using draft-ietf-ipsec-nat-t-ike-02/03: i am
NATed
Jan  1 02:01:30 pluto[7258]: "test" #1: transition
from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jan  1 02:01:30 pluto[7258]: "test" #1: enabling
possible NAT-traversal with method RFC 3947
(NAT-Traversal)
Jan  1 02:01:30 pluto[7258]: "test" #1: received
Vendor ID payload [Dead Peer Detection]
Jan  1 02:01:30 pluto[7258]: "test" #1: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jan  1 01:59:00 pluto[7258]: "test" #1: initiating
Main Mode
Jan  1 01:59:00 pluto[7258]: added connection
description "test"
Jan  1 01:58:57 pluto[7258]: adding interface
ipsec0/eth0 192.168.6.133:4500
Jan  1 01:58:57 pluto[7258]: adding interface
ipsec0/eth0 192.168.6.133:500
Jan  1 01:58:57 pluto[7258]: adding interface
ipsec1/br0 192.168.3.132:4500
Jan  1 01:58:57 pluto[7258]: adding interface
ipsec1/br0 192.168.3.132:500
Jan  1 01:58:57 ipsec_setup: Starting Openswan IPsec
U/K2.3.1...

The same set up without NAT-T and with IPsec
passthrough enabled in NAT device is working fine.

Please suggest how to check the authentication
problem?

Thanks,
Regards,
Prasath RK.


      ____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.  
http://tc.deals.yahoo.com/tc/blockbuster/text5.com


More information about the Users mailing list